Generative AI is upgrading cyberattacks, from 450% higher phishing click‑through rates to industrialized MFA bypass.
The post Threat actor abuse of AI accelerates from tool to cyberattack surface appeared first on Microsoft Security Blog. READ MORE HERE…
Cookie-gated PHP webshells use obfuscation, php-fpm execution, and cron-based persistence to evade detection in Linux hosting environments. This post examines how this tradecraft conceals execution behind specially crafted HTTP cookies.
The post Cookie-controlled PHP webshells: A stealthy tradecraft in Linux hosting environments appeared first on Microsoft Security Blog. READ MORE HERE…
On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages for version updates to download from command and control (C2) that Microsoft Threat Intelligence has attributed to the North Korean state actor Sapphire Sleet. Although the malicious versions are no longer available for download, since Axios is one of the most widely used HTTP clients in the JavaScript ecosystem, this compromise exposed hundreds to potentially millions of users.
The post Mitigating the Axios npm supply chain compromise appeared first on Microsoft Security Blog. READ MORE HERE…
Five facts critical infrastructure (CI) leaders need to act on in 2026, grounded in what Microsoft Threat Intelligence is observing across sectors right now.
The post The threat to critical infrastructure has changed. Has your readiness? appeared first on Microsoft Security Blog. READ MORE HERE…
Read actionable advice for CISOs on securing AI, managing risk, and applying core security principles in today’s AI‑powered environment.
The post Applying security fundamentals to AI: Practical advice for CISOs appeared first on Microsoft Security Blog. READ MORE HERE…
A malware campaign uses WhatsApp messages to deliver VBS scripts that initiate a multi-stage infection chain. The attack leverages renamed Windows tools and cloud-hosted payloads to install MSI backdoors and maintain persistent access to compromised systems.
The post WhatsApp malware campaign delivers VBScript and MSI backdoors appeared first on Microsoft Security Blog. READ MORE HERE…
A malware campaign uses WhatsApp messages to deliver VBS scripts that initiate a multi-stage infection chain. The attack leverages renamed Windows tools and cloud-hosted payloads to install MSI backdoors and maintain persistent access to compromised systems.
The post WhatsApp malware campaign delivers VBS payloads and MSI backdoors appeared first on Microsoft Security Blog. READ MORE HERE…
Agentic AI introduces new security risks. Learn how the OWASP Top 10 Risks for Agentic Applications maps to real mitigations in Microsoft Copilot Studio.
The post Addressing the OWASP Top 10 Risks in Agentic AI with Microsoft Copilot Studio appeared first on Microsoft Security Blog. READ MORE HERE…
High-value assets including domain controllers, web servers, and identity infrastructure are frequent targets in sophisticated attacks. Microsoft Defender applies asset-aware protection using Microsoft Security Exposure Management to detect and block threats against these critical systems. This article explores real-world attack scenarios and defense techniques.
The post How Microsoft Defender protects high-value assets in real-world attack scenarios appeared first on Microsoft Security Blog. READ MORE HERE…
Read the latest Microsoft Secure Access report for insights into why a unified identity and access strategy offers strong modern protection.
The post Identity security is the new pressure point for modern cyberattacks appeared first on Microsoft Security Blog. READ MORE HERE…